Re: [Lake] COSE IANA registrations in EDHOC (Was: New Version Notification for draft-ietf-lake-edhoc-09.txt)

Marco Tiloca <marco.tiloca@ri.se> Tue, 24 August 2021 21:44 UTC

To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>, Carsten Bormann <cabo@tzi.org>
Cc: "lake@ietf.org" <lake@ietf.org>, Michael Richardson <mcr@sandelman.ca>, "cose@ietf.org" <cose@ietf.org>
References: <F24FD33B-B94D-4C84-AE07-C9161668C16E@ericsson.com> <C5080F76-EE94-47A7-AEF7-864C7644BE8F@tzi.org> <D7EE1E0A-2EE4-4A47-AAC3-215C74C33CC3@ericsson.com>
From: Marco Tiloca <marco.tiloca@ri.se>
Message-ID: <cf501023-820b-3cb5-0e83-40075c05e641@ri.se>
Date: Tue, 24 Aug 2021 23:44:24 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/yfBUVEDEmZGz99NgHUOCmIMBVJc>

Hi all,

On 2021-08-24 13:43, Göran Selander wrote:
>
> > On 2021-08-24, 10:05, "Lake on behalf of Carsten Bormann" <lake-bounces@ietf.org on behalf of cabo@tzi.org> wrote:
>>     I see.
>>
>>     So, you are saying, this will be a “using EDHOC in COSE” specification,
> Well, others may also have use of the COSE header for CWT/UCCS, and the int value type of 'kid'.

==>MT
Yes, the ACE KDC for group communication [1] and especially the ACE 
Group Manager for Group OSCORE [2] now use (the Labels of) COSE Header 
Parameters as values for the 'pub_key_enc' parameter.

This parameter indicates the format of public keys used in the group. 
The possible formats include also CWT/UCCS under pending registration; 
see for instance the paragraphs about 'pub_key_enc' in Sections 6.1 and 
6.4 of [2].

Best,
/Marco

[1] https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm/

[2] https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm-oscore/
<==

>
>>   still normative, but referenced from EDHOC as informative as
>>    EDHOC works without COSE.
> Well, EDHOC is definitely dependent on COSE, but does not require these particular credentials or identifiers.
>
>>    Yes, it is always hard to position a “using X in Y” draft between the X and Y working groups — after all, the two ends of this draft need
>>    to fit X and Y, respectively.  If the EDHOC specification truly doesn’t need the contents of this specification, then I can see moving them
>>    into a COSE document.  But I think it is as expedient to keep them together in one document.  The only strong reason to split the
>>   document would be to avoid a long wait while COSE is deciding on some controversial content of the extracted spec.  Do we foresee such
>>   a delay?
> Not that I am aware of. Previous discussion in COSE has not indicated that this is contentious. The main thing we haven't discussed is that EDHOC would be updating rfc8152bis-struct.
>
>
> Göran
>
>
>      > On 2021-08-24, at 09:35, Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org> wrote:
>      >
>      > Combining the responses from Carsten and Michael, and including COSE.
>      >
>      >> On 2021-08-23, 19:17, "Michael Richardson" <mcr@sandelman.ca> wrote:
>      >>
>      >>   Göran Selander wrote:
>      >>> * The key identifier ‘kid’ is extended to also support CBOR ints,
>      >>> making ‘kid2’ introduced in -08 redundant. This change was based on
>      >>> feedback from the COSE WG [1]. One potential next step is to move all
>      >>> COSE-related IANA registrations from this draft to a separate COSE
>      >>> draft and make an informative reference.
>      >>
>      >>> [1] https://mailarchive.ietf.org/arch/msg/cose/qGngdte4s3SEZEKM-xBEoXYUgKc/
>      >>
>      >>   I understanding splitting the document so that it is easier to update,
>      >>   but I think that the reference should be normative.
>      >>
>      >>   I think we want to publish the documents together.
>      >
>      >
>      > > On 2021-08-23, 21:42, "Carsten Bormann" <cabo@tzi.org> wrote:
>      >>
>      >>> One potential next step is to move all COSE-related IANA registrations from this draft
>      >> to a separate COSE draft and make an informative reference.
>      >>
>      >>   Why?
>      >>
>      >
>      >
>      > The registrations in question are in section 8.5 -  8.7 of draft-ietf-lake-edhoc-09: The extension of 'kid' to int (both as a reference and in the referenced object) and the registration of 'cwt' to signify that the value is a CWT or UCCS.
>      >
>      > A few reasons have been mentioned for moving this from EDHOC to a COSE draft, I don't know what is most relevant, if anything:
>      >
>      > * In case of 'kid', these registrations would make EDHOC an update of draft-ietf-cose-rfc8152bis-struct (RFC-to-be 9052). I don't know if LAKE or COSE wants that.
>      >
>      > * These registrations are independent of the base EDHOC protocol, but enables the use of CWT and UCCS as credentials, and more compact identification of credentials. Therefore they could instead be referenced from EDHOC. I don't see why the reference needs to be normative.
>      >
>      > * These registrations belong to the COSE domain and may gain better awareness and reviews if put into a COSE draft.
>      >
>      >
>      > Göran
>      >
>      > --
>      > Lake mailing list
>      > Lake@ietf.org
>      > https://www.ietf.org/mailman/listinfo/lake
>
>      --
>      Lake mailing list
>      Lake@ietf.org
>      https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Flake&amp;data=04%7C01%7Cmarco.tiloca%40ri.se%7Cfb94e5e14e9a419b9f1008d966f47a4b%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637654022486332814%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=LAdEidnDbp7NLyMG1ZWXU2PHFUoIn9Im2%2Bg9vQa50KI%3D&amp;reserved=0
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

Division: Digital System
Department: Computer Science
Unit: Cybersecurity

RISE Research Institutes of Sweden
https://www.ri.se

Phone: +46 (0)70 60 46 501
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)
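Added example, not part of the thread above: the 'kid' extension under discussion lets the COSE header map { 4 : kid } carry either a CBOR byte string (as in RFC 8152) or a CBOR int, and this shows how an implementation can encode and decode both forms, why the int form is more compact, and that int 1 and bstr h'01' are distinct CBOR items that must not be conflated when looking up a credential. The CBOR subset, the map layout { 4 : kid } and the credential table are assumptions constructed for the example.

```python
KID_LABEL = 4  # COSE header parameter label for 'kid'

def _head(major, arg):
    """CBOR initial byte(s) for a major type and a small unsigned argument."""
    if arg < 24:
        return bytes([(major << 5) | arg])
    if arg < 256:
        return bytes([(major << 5) | 24, arg])
    raise ValueError("argument too large for this example")

def cbor_int(n):
    # Major type 0 for non-negative ints, type 1 for negative (encodes -1 - n).
    return _head(0, n) if n >= 0 else _head(1, -1 - n)

def cbor_bstr(b):
    return _head(2, len(b)) + b

def encode_id_cred(kid):
    """Encode the one-entry header map { 4 : kid }; kid is int or bytes."""
    val = cbor_int(kid) if isinstance(kid, int) else cbor_bstr(kid)
    return _head(5, 1) + cbor_int(KID_LABEL) + val

def decode_id_cred(buf):
    """Parse { 4 : kid } and return ('int', n) or ('bstr', b), typed."""
    if buf[:2] != bytes([0xA1, 0x04]):
        raise ValueError("not a one-entry map with label 4")
    major, info = buf[2] >> 5, buf[2] & 0x1F
    if info < 24:
        arg, pos = info, 3
    elif info == 24:
        arg, pos = buf[3], 4
    else:
        raise ValueError("unsupported length encoding in this example")
    if major in (0, 1):
        if len(buf) != pos:
            raise ValueError("trailing bytes after int kid")
        return ("int", arg if major == 0 else -1 - arg)
    if major == 2:
        if len(buf) != pos + arg:
            raise ValueError("byte string length mismatch")
        return ("bstr", buf[pos:pos + arg])
    raise ValueError("kid must be a CBOR int or byte string")

# Constructed credential store keyed by (type, value): kid 1 (int) and
# kid h'01' (bstr) are different CBOR data items and so different identifiers.
CREDENTIALS = {("int", 1): "cred-A", ("bstr", b"\x01"): "cred-B"}

def lookup(buf):
    """Resolve an encoded { 4 : kid } to a stored credential, or None."""
    return CREDENTIALS.get(decode_id_cred(buf))
```

encode_id_cred(1) is three bytes (a1 04 01) while encode_id_cred(b"\x01") is four (a1 04 41 01), which is the compactness gain the thread refers to.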